Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
التثبيت
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
allowed-tools
Read, Grep, Glob, Bash, WebFetch, Agent
LLM Risk Assessment (2025)
Comprehensive evaluation of LLM applications against OWASP Top 10 for LLM Applications 2025. Follow the detailed procedure in plays/llm-risk-assess.md.
Steps
Architecture & Threat Modeling
Map LLM provider (OpenAI, Anthropic, local models)
Document data flows: user input → preprocessing → prompt construction → LLM → output processing → actions
Identify RAG components, tool integrations, memory systems
Define trust boundaries and attack surfaces
Automated Security Testing
Run prompt injection probes (Garak, Giskard, custom scripts)
Test output handling vulnerabilities
Scan for secrets in prompts and configurations
Validate vector database security
Assess All 10 OWASP LLM 2025 Risks with attack scenarios: